A programmable logic controllerSource: Warut Sintapanon via Alamy Stock Photo
COMMENTARY
Ten years have passed since the infamous Stuxnet attack highlighted the vulnerabilities of the operational technology (OT) systems that play a crucial role in our critical infrastructure. Yet despite advancements, these systems remain exposed, raising concerns about our preparedness for future cyber threats. A recent Dark Reading article by Dan Raywood highlighted how programmable logic controllers (PLCs), specifically Siemens-branded controllers, are still vulnerable.
OT Vulnerability
A core challenge with OT vulnerability lies in human behavior. Threat actors exploit human behavior, causing laziness or convenience to win over security. This leads to weak passwords, neglected updates, and lax adherence to protocols. Exploiting these tendencies, hackers turn easily guessable passwords into master keys and leverage unpatched vulnerabilities to gain access.
The convergence of IT and OT creates a double-edged sword. While it fosters efficiency and innovation, it also expands the attack surface. Creating a network to manage securities for manufacturing equipment subjects critical devices (such as PLCs) that manage machinery to attacks. Hence, the interconnectedness of IT and OT has the potential to become a security nightmare.
Layered Approach to OT Security Is Best
Dark Reading's article recommends using technology that enforces security measures, such as transport layer security (TLS). Although this offers valuable protections, it is far from foolproof. Determined threat actors can still exploit unpatched vulnerabilities or leverage alternative attack vectors, such as IT and OT convergence. If the attackers are motivated enough, they might switch to other methods in which TLS proves useless. Referring to the Siemens PLC vulnerabilities, the attacker may send API instructions directly to the PLC, giving it directions that can harm critical processes.
The article does refer to comments by Colin Finck, tech lead of reverse engineering and connectivity at Enlyze, on the most recent Siemens firmware that supports TLS, which he states aren't good enough. To this extent, the article is correct. But it doesn't explicitly say that cybersecurity needs a layered approach, with encryption being just one piece of the puzzle.
Don't Trust Anybody
This is where device-level protection becomes crucial. Protecting and securing devices, such as PLCs, provides a solution to both growing attack surfaces and the human element. Security involves a simple approach: Don't trust anybody. Therefore, applying and enforcing zero trust helps protect critical infrastructure.
Promoting these strong security policies and establishing clear guidelines for a secure OT environment involves meticulous verification of every access attempt to PLCs. In addition, specific users must be granted only the minimum necessary permissions. Security teams and OT managers alike must champion access controls, ensuring only authorized users can interact with PLCs controlling critical systems on the factory floor. Enforcement of these security policies prevents determined attackers from sending API instructions directly to the PLC.
Moving Forward: Building Resilience
The vulnerabilities in Siemens PLCs serve as a stark reminder of the ongoing struggle to secure our critical infrastructure. Siemens is just one of many PLC vendors, which all have different vulnerabilities on their own. Because of this, cybersecurity must be part of the responsibilities of the floor managers as well as of IT teams. They must understand that a layered approach is necessary, with the first layer being protection of PLCs. Enforcing and managing access and credentials to the PLCs transform vulnerable infrastructure into resilient infrastructure.